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AMENDMENTS TO THE CLAIMS 



1 1 . (Currently amended) A method of preventing an attack on a network, wherein the attack 

2 comprises injecting a spurious transmission control protocol (TCP) segment into a TCP 

3 connection between a sender and a receiver, the method comprising the computer- 

4 implemented steps of: 

5 receiving a TCP segment carrying a sequence value and an ACK value; 

6 determining whether the ACK value is less than the difference of a next unacknowledged 

7 sequence value and a lesser of either (a) a total number of bytes sent in the TCP 

8 connection or (b) a maximum window size associated with the TCP connection; 

9 and 

10 discarding the TCP segment when the ACK value is less than the difference of a next 

1 1 imacknowledged sequence value and the lesser of either (a) the total nimiber of 

12 bytes sent in the TCP connection or (b) the maximum window size associated 

13 with the TCP connection. 

1 2. (Original) A method as recited in Claim 1, wherein the steps are performed by an 

2 endpoint node acting as the receiver of data in the TCP connection. 

1 3. (Original) A method as recited in Claim 1 , wherein the steps are performed by a TCP 

2 application of an operating system of a network infrastructure element. 

1 4. (Original) A method as recited in Claim 1, wherein the steps are performed by a TCP 

2 process, stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 

1 5. (Original) A method as recited in Claim 1, wherein the maximum window size 

2 comprises a maximum TCP sequence value window size that an endpoint node in the TCP 

3 connection can manage without regard to any change in current window size that either endpoint 

4 may estabUsh during the TCP connection. 
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1 6. (Original) A method as recited in Claim 1 , 

2 wherein the determining step comprises determining whether the ACK value is equal to 

3 an expected ACK value or a range of values less than an initial sequence value 

4 window; and 

5 wherein the discarding step comprises discarding the TCP segment when the ACK value 

6 is equal to an expected ACK value or a range of values less than an initial 

7 sequence value window. 

1 7. (Currently amended) A method of preventing an attack on a network, wherein the attack 

2 comprises injecting a spurious transmission control protocol (TCP) segment into a TCP 

3 connection between a sender and a receiver the method comprising the computer-implemented 

4 steps of: 

5 receiving a first TCP segment carrying a sequence value; 

6 determining whether the sequence value is equal to a next expected sequence value; 

7 when the sequence value is equal to a next expected sequence value, determining whether 

8 data carried in the first TCP segment overlaps data carried in one or more second 

9 TCP segments that were previously received in a re-assembly buffer; and 

10 discarding the on e or mor e s e cond all TCP segments frem -that are m t he re-assembly 

1 1 buffer when the first TCP segment overlaps any data segment previously received 

12 in the re-assembly buffer. 

1 8. (Currently amended) A method as recited in Claim 7, wh e r e in th e discarding step 

2 compris e s discarding all TCP segm e nts that are further comprising storing the first TCP segment 

3 in the re-assembly buffer when the first TCP segment overlaps any data segment previously 

4 received in the re-assembly buffer. 

1 9. (Original) A method as recited in Claim 7, wherein the data carried in the first TCP 

2 segment overlaps data carried in the one or more second TCP segments that were previously 

3 received in the re-assembly buffer when a first sum of a first sequence value and data length 

4 carried in the first TCP segment is less than a second sequence value carried in any of the second 

5 segments. 
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1 10. (Original) A method as recited in Claim 7, wherein the discarding step is performed 

2 when the first TCP segment completely overlaps any data segment previously received in the re- 

3 assembly buffer. 

1 11. (Original) A method as recited in Claim 7, further comprising the step of sending an 

2 acknowledgment message that acknowledges data the sequence values of the first TCP segment. 

1 12. (Original) A method as recited in Claim 7, wherein the steps are performed by an 

2 endpoint node acting as the receiver of data in the TCP coimection. 

1 13, (Original) A method as recited in Claim 7, wherein the steps are performed by a TCP 

2 application of an operating system of a network infi^eistructure element. 

1 14. (Original) A method as recited in Claim 7, wherein the steps are performed by a TCP 



2 process, stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 



1 15.-17. (Canceled) 



1 18. (New) A computer-readable tangible storage medium carrying one or more sequences of 

2 instructions for preventing an attack on a network, wherein the attack comprises sending a 

3 spurious transmission control protocol (TCP) segment with unwanted or spurious DATA, 

4 wherein the execution of the one or more sequences of instructions by one or more processors 

5 causes the one or more processors to perform: 

1 receiving a TCP segment carrying a sequence value and an ACK value; 

2 determining whether the ACK value is less than the difference of a next unacknowledged 

3 sequence value and a lesser of either (a) a total number of bytes sent in the TCP 

4 connection or (b) a maximum window size associated with the TCP connection; 

5 and 
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discarding the TCP segment when the ACK value is less than the difference of a next 
unacknowledged sequence value and the lesser of either (a) the total number of 
bytes sent in the TCP connection or (b) the maximum window size associated 
with the TCP connection. 



1 19. (New) A computer-readable tangible storage medium carrying one or more sequences of 

2 instructions for preventing an attack on a network, wherein the attack comprises injecting a 

3 spurious transmission control protocol (TCP) segment into a TCP connection between a sender 

4 and a receiver, wherein the execution of the one or more sequences of instructions by one or 

5 more processors causes the one or more processors to perform: 

6 receiving a first TCP segment carrying a sequence value; 

7 determining whether the sequence value is equal to a next expected sequence value; 

8 when the sequence value is equal to a next expected sequence value, determining whether 

9 data carried in the first TCP segment overlaps data carried in one or more second 

1 0 TCP segments that were previously received in a re-assembly buffer; and 

1 1 discarding the all TCP segments that are in the re-assembly buffer when the first TCP 

12 segment overlaps any data segment previously received in the re-assembly buffer. 

1 20. (New) An apparatus for preventing an attack on a network, wherein the attack comprises 

2 sending a spurious transmission control protocol (TCP) segment with a spurious or imwanted 

3 DATA, comprising: 

4 means for receiving a TCP segment carrying a sequence value and an ACK value; 

5 means for determining whether the ACK value is less than the difference of a next 

6 unacknowledged sequence value and a lesser of either (a) a total number of bytes 

7 sent in the TCP connection or (b) a maximum window size associated with the 

8 TCP connection; and 

9 means for discarding the TCP segment when the ACK value is less than the difference of 

10 a next unacknowledged sequence value and the lesser of either (a) the total 

1 1 number of bytes sent in the TCP connection or (b) the maximum window size 

12 associated with the TCP connection. 
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1 21 . (New) An apparatus as recited in Claim 20, comprising an endpoint node acting as the 

2 receiver of data in the TCP connection. 

1 22. (New) An apparatus as recited in Claim 20, wherein the means comprise a TCP 

2 . application of an operating system of a network infrastructure element. 

1 23. (New) An apparatus as recited in Claim 20, wherein the means comprise a TCP process, 

2 stack, adapter or agent hosted by or associated with an operating system of a personal computer, 

3 workstation or other network end station. 

1 24. (New) An apparatus as recited in Claim 20, wherein the maximum window size 

2 comprises a maximum TCP sequence value window size that an endpoint node in the TCP 

3 connection can manage without regard to any change in current window size that either endpoint 

4 may establish during the TCP connection. 

1 25. (New) An apparatus as recited in Claim 20, 

2 wherein the determining means comprises means for. determining whether the ACK value 

3 is equal to an expected ACK value or a range of values less than an initial 

4 sequence value window; and 

5 wherein the discarding means comprises means for discarding the TCP segment when the 

6 ACK value is equal to an expected ACK value or a range of values less than an 

7 initial sequence value window. 

1 26. (New) An apparatus for preventing an attack on a network, wherein the attack comprises 

2 sending a spurious transmission control protocol (TCP) segment with spurious or 

3 unwanted DATA, comprising: 

4 a processor; 

5 one or more stored sequences of instructions that are accessible to the processor and 

6 which, when executed by the processor, cause the processor to perform: 

7 receiving a TCP segment carrying a sequence value and an ACK value; 
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determining whether the ACK value is less than the difference of a next unacknowledged 
sequence value and a lesser of either (a) a total number of bytes sent in the TCP 
connection or (b) a maximum window size associated with the TCP connection; 



11 



and 



15 



14 



13 



12 



discarding the TCP segment when the ACK value is less than the difference of a next 
unacknowledged sequence value and the lesser of either (a) the total number of 
bytes sent in the TCP connection or (b) the maximum window size associated 
with the TCP connection. 



1 27. (New) An apparatus as recited in Claim 26, comprising an endpoint node acting as the 

2 receiver of data in the TCP connection. 

1 28. (New) An apparatus as recited in Claim 26, wherein the steps are performed by a TCP 

2 application of an operating system of a network infrastructure element. 

1 29. (New) An apparatus as recited in Claim 26, wherein the steps are performed by a TCP 

2 process, stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 

1 30. (New) An apparatus as recited in Claim 26, wherein the maximum window size 

2 comprises a maximum TCP sequence value window size that an endpoint node in the TCP 

3 connection can manage without regard to any change in current window size that either endpoint 

4 may establish during the TCP connection. 

1 31. (New) An apparatus as recited in Claim 20, 

2 wherein the determining step comprises determining whether the ACK value is equal to 

3 an expected ACK value or a range of values less than an initial sequence value 

4 window; and 

5 wherein the discarding step comprises discarding the TCP segment when the ACK value 

6 is equal to an expected ACK value or a range of values less than an initial 

7 sequence value window.. 
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1 32. (New) An apparatus for preventing an attack on a network, wherein the attack comprises 

2 injecting a spurious transmission control protocol (TCP) segment into a TCP connection between 

3 a sender and a receiver, the apparatus comprising: 

4 means for receiving a first TCP segment carrying a sequence value; 

5 means for determining whether the sequence value is equal to a next expected sequence 

6 value; 

7 means for determining, when the sequence value is equal to a next expected sequence 

8 value, whether data carried in the first TCP segment overlaps data carried in one 

9 or more second TCP segments that were previously received in a re-assembly 

10 buffer; and 

1 1 means for discarding the all TCP segments that are in the re-assembly buffer when the 

12 first TCP segment overlaps any data segment previously received in the re- 

13 assembly bufifer. 

1 33. (New) An apparatus as recited in Claim 32, further comprising means for storing the first 

2 TCP segment in the re-assembly buffer when the first TCP segment overlaps any data segment 

3 previously received in the re-assembly buffer. 

1 34. (New) An apparatus as recited in Claim 32, wherein the data carried in the first TCP 

2 segment overlaps data carried in the one or more second TCP segments that were previously 

3 received in the re-assembly buffer when a first sirni of a first sequence value and data length 

4 carried in the first TCP segment is less than a second sequence value carried in any of the second 

5 segments. 

1 35. (New) An apparatus as recited in Claim 32, wherein the discarding means comprises 

2 means for discarding when the first TCP segment completely overlaps any data segment 

3 previously received in the re-assembly buffer. 

1 36. (New) An apparatus as recited in Claim 32, further comprising means for sending an 

2 acknowledgment message that acknowledges data the sequence values of the first TCP segment. 
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1 37. (New) An apparatus as recited in Claim 32, comprising an endpoint node acting as the 

2 receiver of data in the TCP connection. 

1 38. (New) An apparatus as recited in Claim 32, wherein the means comprise a TCP 

2 appUcation of an operating system of a network infrastructure element. 

3 39. (New) An apparatus as recited in Claim 32, wherein the means comprise a TCP process, 

4 stack, adapter or agent hosted by or associated with an operating system of a personal computer, 

5 workstation or other network end station. 

1 40. (New) An apparatus for preventing an attack on a network, wherein the attack comprises 

2 sending a spurious transmission control protocol (TCP) segment with spurious or 

3 unwanted DATA, comprising: 

4 a processor; 

5 one or more stored sequences of instructions that are accessible to the processor and 

6 which, when executed by the processor, cause the processor to carry out the steps 

7 of: 

8 receiving a first TCP segment carrying a sequence value; 

9 determining whether the sequence value is equal to a next expected sequence value; 

10 determining, when the sequence value is equal to a next expected sequence value, 

1 1 whether data carried in the first TCP segment overlaps data carried in one or more 

12 second TCP segments that were previously received in a re-assembly buffer; and 

13 discarding the all TCP segments that are in the re-assembly buffer when the first TCP 

14 segment overlaps any data segment previously received in the re-assembly buffer. 

1 41 . (New) An apparatus as recited in Claim 40, further comprising instructions for storing 

2 the first TCP segment in the re-assembly buffer when the first TCP segment overlaps any data 

3 segment previously received in the re-assembly buffer. 
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1 42. (New) An apparatus as recited in Claim 40, wherein the data carried in the first TCP 

2 segment overlaps data carried in the one or more second TCP segments that were previously 

3 received in the re-assembly buffer when a first sum of a first sequence value and data length 

4 carried in the first TCP segment is less than a second sequence value carried in any of the second 

5 segments. 

1 43. (New) An apparatus as recited in Claim 40, wherein the instructions for discarding 

2 comprise instructions for discarding when the first TCP segment completely overlaps any data 

3 segment previously received in the re-assembly buffer. 

1 44. (New) An apparatus as recited in Claim 40, fiirther comprising instructions for sending 

2 an acknowledgment message that acknowledges data the sequence values of the first TCP 

3 segment. 

1 45. (New) An apparatus as recited in Claim 40, comprising an endpoint node acting as the 

2 receiver of data in the TCP connection. 

1 46. (New) An apparatus as recited in Claim 40, wherein the instructions comprise a TCP 

2 application of an operating system of a network infi'astructure element. 

1 47. (New) An apparatus as recited in Claim 40, wherein the instructions comprise a TCP 

2 process, stack, adapter or agent hosted by or associated with an operating system of a personal 

3 computer, workstation or other network end station. 
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